REMARKS 

Claims 3-5, 7-9, 11-19, 21-25, 27-29, 31-33, 25 and 37-43 are cancelled from the 
application without prejudice. 

New claims 44-58 are added to the application. 

The specification is amended above to correct typographical errors. 

No new matter is added to the application by way of these specification amendments. 

I. THE CLAIM AMENDMENTS 

The Applicant has cancelled all claims currently on file and has replaced them with new 
claims 44-58. The new claims relate to detection of software vulnerabilities and are based, at 
least in part, on Applicants' specification at page 34 line 1 1 to page 42 line 14. 

The Applicant reserves the right to pursue the cancelled claims or claims similar to the 
cancelled claims in a continuation application. 

II. THE SECTION 112, 2 nd PARAGRAPH REJECTION 

The examiner rejected application claims for being mdefinite. While the examiner's 
rejections are believed to be moot in view of the cancellation of the rejected claims from the 
application, the Applicant wishes to quickly traverse several of the examiner's rejections. 

A. The Rejection Of Claims 11, 27 and 37 

The examiner's rejected claims 1 1, 27 and 37 for reciting: "...a variable in the at least one 
anomaly characterisation rule which is defined as being in constant mode and is numerical is at 
least partly evaluated by providing a range of values for the variable" because it is unclear to the 
examiner how a "variable" can be a "constant" and then change the value of the "constant" (a 
fixed value). 

The examiner's rejection is overcome by removing the objectionable term from the newly 
presented claims. Moreover, the examiner's rejection is traversed. 

What was being claimed is commonplace mathematical terminology that teenagers in 
high school would understand. An example is the following equation: 
x + y = 9 (1) 
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Now it is incontrovertible that x and y are variables, each with an infinite number of values, and 
that Equation (1) defines a straight line with slope 135° to the x axis and intersecting the x and y 
axes at x and y = 9 respectively. If we add another equation as follows: 

x-y-1 (2) 
then here again x and y are variables each with an infinite number of values, and Equation (2) 
defines a straight line with slope 45° to the x axis and intersecting the x and y axes at x = 1 and 
y— 1. 

Combining Equations (1) and (2), there is only one value for each of x and y which 
satisfies both, i.e. x = 5 and y = 4, which are both constants. Variables being evaluated and 
becoming constants is therefore a commonplace concept familiar to teenagers in high school, let 
alone those of ordinary skill in the art of computing. 

As regards the art of computing: "variable", "constant" and "constant mode" are well 
accepted terms of art, as evidenced by the dictionary definitions Applicants have already supplied 
in repose to the previous Official Action. It is therefore improper to consider the use of these 
terms to be indefinite when they are being used in the context of their dictionary definitions and 
in the context that they would be understood by one of ordinary skill in the art at the time of the 
invention. 

As regards the objection that it is unclear how a "variable" can be a "constant" and then 
change the value of the "constant" (a fixed value), this is respectfully traversed. What is perfectly 
clear from Applicants' specification - which forms the basis of understanding claim terms when 
considered as a whole - is that background knowledge can require a variable to have one of a 
range of discrete values each of which is a constant (see e.g. above re rninutes_past_the_hour"). 
One uses each of the discrete values as a trial value in a rule and assesses the accuracy of the 
resulting rule as regards its ability to classify data correctly as anomalous or not. (See Applicants' 
specification at e.g. page 20 lines 6-17). The discrete value giving the best rule accuracy is then 
selected as the value to replace the variable in the rule. (See Applicants' specification at page 13 
lines 2-7 and page 15 lines 4-9 and 16-21). One therefore does not "change the value of the 
constant". Instead one evaluates the constant from a range of possible or trial values. 

For each of the reasons, the terms used in the cancelled claims and in the current claims 
are not indefinite to one skilled in the art at the time of the invention. 
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B. The Claim 12 Rejection 

The examiner's rejection of claim 12 is moot as the alleged indefinite claim terms are not 
part of the newly presented claims. 

C. The Claim 40 Rejection 

The examiner rejected claim 40 because the metes and bounds of the claimed invention 
cannot be established because there is not clear interdependency of the different steps in the 
claim. New independent claims 44, 49 and 54 are drafted in a manner that establishes a clear 
relationship between the claim steps in the new independent claims. For example, the training 
data provided in step (a) and the rule generalizations defined in step (b) are both received by the 
computer is step (c) and the remaining sub-steps of step (c) are performed. 

D. The Claim 41 Rejection 

The examiner's rejection of claim 41 is moot in view of the cancellation of claim 41 from 
the application. 

III. COMPLIANCE WITH SECTION 101 

The examiner rejected some of the cancelled claims for failing to define patentable 
subject matter. 

The new claims presented above include independent claims that require one or more 
method steps to be performed by a computer. Moreover, new claims 44 et sequi specify that the 
method is "to test for vulnerabilities in computer software", and in to specify that the alert or 
report is "in order to enable corrective action to be taken" as per Applicants' specification at e.g. 
page 1 1 lines 20-22 and page 35 lines 28-29. It is respectfully submitted that this represents a 
substantial practical application producing a real-world result. 

The examiner's rejection of cancelled claim 40 is traversed in detail below as the 
rejection could be applicable to newly presented independent claims 44, 49 and 54. Specifically, 
the Examiner rejected claim 40 under Section 101 alleging that the claimed subject matter is not 
repeatable because the claim recites defining a rule generalization based on logic of at least a first 
order, and there is no description as to what data is used to define this rule generalization. This 
objection is respectfully traversed, because one does not need any data to define the rule 
generalization. In this regard please see Applicants' specification at page 14 lines 1 to 7, where a 
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most general rule is clearly stated to be one having no conditions and which therefore does not 
rely on any data. There is, therefore, no reliance on any relationship between the rule 
generalisation, the training data and the background knowledge. A condition is added to the rule 
generalization to render it more specific using the training data and the background knowledge. 
(See also US Patent 6,782,377 to Agarwal et al., CI lines 66-67 "the most general rule, an empty 
rule, and progressively add..".). 

Moreover, since a most general rule is one having no conditions, it is always of the same 
form, contrary to the Examiner's remarks in this regard. Using this generalisation rule different 
results cannot be produced given the same data as inputs and the repeatable result objection is 
wrong. 

As indicated in Applicants' specification at page 1 1 lines 8-12, without access to experts who can 
supply background knowledge from their own experience, definitions of background knowledge 
can be generated using common sense e.g., concepts or functions relating to data attributes such 
as a number of transactions handled by a specified cashier and having a discrepancy between 
actual and expected cash. Consequently the invention can operate without expert background 
knowledge. If expert background knowledge is available, there will be additional material from 
which to develop rules from training data. In either event, the invention is repeatable: i.e. using 
the same training data and background knowledge, the same rule set will be developed and will 
produce the same results for reporting or alerting to a user. This is because logic is used in 
generating a rule set. Moreover, after a rule generalisation is processed to render it more specific, 
it is incorporated in the rule set if it classifies anomalies in the training data set adequately. More 
specific versions of rule generalisations are dropped if they don't satisfy this criterion. 

VI. THE PATENTABILITY OF NEW CLAIMS 44-58 

All newly presented pending application claims are believed to be novel and non-obvious. 
However, the Applicant also traverses the examiner's rejection of all cancelled claims below to 
the extent that newly added claims 44-58 include features similar to those of the cancelled claims 
and which are not disclosed or suggested by Agarwal et al. (USP 6,782,377). 
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A. Agarwal Does Not Disclose Methods Using Logic Of At Least First Order 

Independent claims 44, 49 and 54 all include steps involving applying logic of at least a 
First Order. This claim feature is not disclosed by Agarwal. 

The only form of logic disclosed by Agarwal is in CI lines 49-50, "Disjunctive Normal 
Form (DNF)", which Agarwal states to be "the most general form of a rule-based model". The 
variables in DNF represent propositions regarding truth or falsity in connection with data. They 
don't require anything more than propositional logic. In particular they do not require First- 
Order Logic or Higher-Order Logic to represent rules. 

The Examiner cites Agarwal: CI, L49-65, C8, L5-55 and C12-13, appendix 1-2 regarding 
Higher-Order Logic, but nowhere in these cited extracts does Higher-Order Logic appear. As 
stated in Applicants' response to the previous Official Action, the Oxford Dictionary of 
Computing, Oxford University Press, fourth edition, 1996 defines First-Order logic (or predicate 
calculus) as follows: 

"A fundamental notation for representing and reasoning with logical statements. It 
extends propositional calculus by introducing the quantifiers, and by allowing 
predicates and functions of any number of variables". 

First-Order logic therefore cannot be propositional logic as disclosed in Agarwal at least because 
First-Order logic extends propositional calculus. 

The examiner either appears to ignore or does not accept Applicants' assertion that 
Agarwal does not teach First-Order logic: as has been said Applicants intend to obtain an 
affidavit from an independent expert in this regard. However, Applicants would respectfully 
refer the Examiner to various parts of Agarwal that disclose only propositional logic. For 
example, Appendix 2 lines 9 and 10 (opposite line 40 in C.l 1) for categorical type, which are: 

Form rule Rl: RF AND (A = v) 

Form rule R2: RF AND (A ± v) 

These mean that rule Rl is formed by adding to the empty rule RF the condition that attribute A 
is equal to v, and (different) rule R2 is formed by adding to the empty rule RF the condition that 
attribute A is not equal to v. These are conditions with a constant v, a statement of true or false 
typical of propositional logic contrary to the Examiner's remarks in this regard. Similar remarks 
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apply to Agarwal Appendix 2 lines 3 1 and 37 for forming rules Rl and R2 in continuous type, 
Rl being A < vr and R2 being vl < A < vr. These are all the actual examples (as opposed to 
mere discussion) of rule formation in Agarwal. 

The difference between prepositional logic and First-Order logic can easily be appreciated as 
follows, for example, in Agarwal C.6 L.5, the statement "formed by different attributes and their 
values" clearly grounds the whole approach into the propositional (or Oth order) logic setting. 
This does not generalize to the first or higher order at all. The intent here is clearly to remain in 
attribute-value language, hence propositional logic. 

Furthermore, in Agarwal C.8, L.5-25 the Pi's and the Ni's which form part of the rules 
generated by the algorithm are propositional. Again, there is nothing first-order here. First-order 
logic includes at least the ability to equate two attributes. This is not available in the language 
described here. The ensuing discussion from C.8 L.35-55 is also strictly propositional. The 
approach described to handle continuous-valued attributes (i.e., two one-sided conditions) is 
similar to what is done by the well-known C4.5 algorithm (see Quinlan, J. R. 1993. C4.5: 
Programs for machine learning. San Francisco: Morgan Kaufmann). Subset-valued conditions 
must not be confused with first-order conditions. Here subset- valued conditions represent 
nothing but a shorthand for disjunction, i.e, x={l,2,3} means x=l or x=2 or x=3, which is a 
propositional statement. Here there is no implied subset relationship or any other set operations, 
which belong to the first or higher-order. 

For at least these reasons, the examiner's statement that Agarwal teaches rules defined 
using at least First-Order logic" is traversed. Moreover, the Applicant has spent much time and 
effort reviewing Agarwal and explaining in detail why the reference does not disclose the use of 
logic of the first order or higher. Indeed, the examiner broadly cited to 8 columns of Agarwal for 
disclosing this claim feature. The Applicant has, therefore, strongly rebutted the examiner's 
prima facie case of obviousness. Should the examiner continue to believe that Agarwal discloses 
first order or higher logic, then the Applicant asks the examiner to specifically point out the logic 
disclosed in Agarwal that is deemed to be first order or higher - not by citing to eight columns of 
the reference but by pointing out the specific disclosure in Agarwal that the examiner would 
allege to amount to first order or higher logic. 
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The examiner appears to concede that Agarwal does not disclose first order or higher 
logic when he argues in the alternative that "First Order logic is widely known and used in the 
computer arts and would only require routine skill of a person of ordinary skill in the arts to 

implement as a matter of obvious design choice." The examiner's position is respectfully 

traversed because it is an assertion unsupported by actual evidence. It is well accepted that a 
combination of elements previously known individually can be patentable, otherwise many 
meritorious mechanical inventions would not be patentable. 

Moreover, First Order logic or Higher-Order logic is not mentioned by Agarwal for 
reasons previously given. The Agarwal inventors must be considered to be of inventive skill 
because they have been granted a patent, and therefore they have more than ordinary skill in the 
art. If it did not occur to them to use First Order logic or Higher-Order logic, it must be regarded 
as non-obvious to do so. 

The Examiner states that Agarwal anticipates developing the rule set using Higher-Order 
logic. The examiner's position is respectfully traversed for reasons given above. As discussed in 
Applicant's specification at page 27 lines 5-13, Higher-Order Logic provides considerable 
advantages over propositional logic used by Agarwal, because it allows logic functions and 
predicates to take other functions and predicates as arguments, and provides a natural mechanism 
for reasoning about sets of objects. Agarwal does not use Higher-Order Logic for rule generation 
despite its advantages and its being published before Agarwal was filed in 2001 . Given the 
inventive skill of the inventors of Agarwal, and their failure to use Higher-Order Logic despite its 
being published, it is respectfully submitted that it cannot be obvious to use Higher-Order Logic 
for rule generation. It is emphasised that the claims are directed to using Higher-Order Logic for 
nothing other than rule generation. 

Any obviousness rejection raised by the examiner based upon optimization allegations 
must be based upon knowledge of one skilled in this area of art at the time of the invention. The 
examiner has failed to demonstrate that one skilled in the field of art of the claimed invention 
would have considered using first order or higher logic for any purpose. For at least this reason, 
the pending application claims are patentable. 

B. Agarwal Does Not Disclose Step (c)(iii) Of Independent Claims 44, 49 And 54 
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The Examiner objects that Agarwal discloses the step of "evaluating the more specific 
rule generalization by applying it to the training data set to identifying anomalies" of sub- 
paragraph c)ii) of claims 40, 42 and 43 - now step (c)(iii) of claims 44, 49 and 54 (citing 
Agarwal: CI, L49 to C2, L34; C3, LI 1-59; C6, LI to C7, L27; C8, L5 to C9, L24; C12-13, 
Appendix 1-2). Here, claims 44, 49 and 54 are all limited to at least First-Order logic, which 
allows predicates and functions of any number of variables. In this regard the Examiner claims 
that in Agarwal Appendix 2, rules Rl and R2 are formed from RF by evaluating attribute-type 
pair A. The examiner is mistaken. Agarwal Appendix 2 does not state that attribute-type pair A 
is evaluated. Instead, Appendix 2 teaches that for each attribute-type pair (A, type), "A" is not an 
attribute-type pair, A is the attribute and the type is categorical or continuous. (See Agarwal 
Appendix 2 lines to the right of lines 38 and 46-47 of column 1 1). Moreover, "type" is not 
"evaluated" in Agarwal. Instead, "type" merely governs which rule processing technique is used. 
(See, e.g, "if type is categorical" and "if type is continuous" in Agarwal Appendix 2 then 
Attribute A is equal to v in Rl and not equal to v in R2). 

Agarwal also does not disclose step (c)(iii) of the pending independent claims because 
Agarwal teaches using an evaluation metric "EvaluationMetric" instead of applying a rule set to a 
data set as claimed. (See C.8 L.66 to C9 L.2 of Agarwal). AgarwaPs "EvaluationMetric 
measures how many standard deviations separate the mean of the rule and the mean of the target 
class. The greater the separation, the better can R distinguish examples of class C". 

All pending application claims are patentable over Agarwal for these reasons. 

C. Agarwal Does Not Disclose Step (c)(iv) Of Independent Claims 44, 49 And 54 

The examiner wrongly claims that Agarwal discloses step (c)(iv) "incorporating the more 
specific rule generalisation in the rule set if it classifies anomalies in the training data set 
adequately in terms of covering at least some of the positive anomaly examples" Unlike 
Applicants' invention Agarwal does not teach incorporating the more specific rule generalisation 
in the rule set on the basis of ability to classify anomalies. Instead Agarwal teaches using 
EvaluationMetric as discussed above. 
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CONCLUSION 

The pending application and claims are believed to be in a patentable condition. 
Favorable reconsideration and allowance of all pending application claims is courteously 
solicited. 

McDonnell Boehnen Hulbert & Berghoff LLP 



Date: June 25, 2009 By: /A. Blair Hughes/ 

A. Blair Hughes 
Reg. No. 32,901 
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